Application No.: 



10/588,879 



IN THE CLAIMS: 

Please amend the claims as indicated. A complete set of the claims is included below, 
reflecting added subject matter {underlining) and deleted subject matter (strikethrough) , as well 
as the current status of each claim. This listing of claims will replace all prior versions, and 
listings, of claims in the apphcation: 

1 . (Original) A method for controlling access to an object in an operating system, the 
method comprising: 

receiving a call from an extemal object to a first interface of a target object; 
at the target object, determining whether the extemal object has access to other interfaces 
of the target object based on the call to the first interface; and 

granting access to the other interfaces according to the determination. 

2. (Original) A method as recited in claim 1, wherein determining whether the extemal 
object has access to other interfaces of the target object further comprises examining a security 
policy contained within the target object. 

3. (Original) A method as recited in claim 2, wherein the security policy is contained 
entirely within the target object. 

4. (Currently Amended) A method as recited in claim 1 , further comprising determining 
whether the extemal object and the target object operate in the a same process. 
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5 . (Currently Amended) A method as recited in claim 1 , wherein determining whether the 
external object has access to tiie other interfaces of the target object further comprises: 

identifying the other interfaces of the target object that can be accessed when the first 
interface is being requested by the external object. 

6. (Original) A method as recited in claim 1, further comprising determining a first process 
of the target object. 

7. (Original) A method as recited in claim 6, fiirther comprising determining a second 
process of the extemal object. 

8. (Original) A method as recited in claim 7, further comprising performing a cross-process 
communication between the target object and the extemal object. 

9. (Original) A method as recited in claim 1, further comprising securing a channel for each 
interface of the target object. 

10. (Currently Amended) A method as recited in claim 1 , wherein determining whether the 
extemal object has access to tiie other interfaces of the target object further comprises analyzing 
access constraints within the target object. 

11. (Original) A method as recited in claim 1, further comprising analyzing interface access 
data stored within the target object. 
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12. (Original) A method as recited in claim 1, further comprising determining whether the 
target object and the extemal object are in a same protection domain. 

13. (Original) A method as recited in claim 12, wherein the protection domain is a process. 

14. (Currently Amended) A method as recited in claim 1, wherein the target object sets the 
target object's its own security policy. 

1 5 . (Currently Amended) A method as recited in claim 1 , wherein determining whether the 
extemal object has access to tiie other interfaces further comprises determining ^ capabilities of 
the extemal object. 

i&T 16^ (Currently Amended) A method as recited in claim 15 44, further comprising mapping 
the capabilities of the extemal object to the interfaces of the target object. 

4^ 17. (Currently Amended) A method as recited in claim 1, wherein the target object and the 
extemal object are created using a same methodology. 

¥h 18. (Currently Amended) A method as recited in claim 1, wherein the target object and the 
extemal object are views in a view hierarchy. 
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i%T 19^ (Currently Amended) A method as recited in claim 18 4^, wherein a view has a parent 
calling interface, a child calling interface, and a child managing interface. 

^ 20^ (Currently Amended) A system that controls access to an object in an operating system, 
the system comprising: 

a module configured to receive a call from an extemal object to a first interface of a 
target object; 

a module configured to determining whether the extemal object has access to other 
interfaces of the target object based on the call received at the first interface; and 

a module configured to grant access to the other interfaces according to the 
determination. 

SOt 2L (Currently Amended) A system that controls access to an object in an operating system, 
the system comprising: 

means for receiving a call from an extemal object to a first interface of a target object; 

means for determining, at the target object, whether the external object has access to 
other interfaces of the target object based on the call to the first interface; and 

means for granting access to the other interfaces according to the determination. 

22-30. (Withdrawn) 
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2iT 3L (Currently Amended) A computer readable medium storing instructions for controlling a 
computer device to control access to an object in an operating system, the instructions 

comprising: 

receiving a call from an extemal object to a first interface of a target object; 
at the target object, determining whether the extemal object has access to other interfaces 
of the target object based on the call to the first interface; and 

granting access to the other interfaces according to the determination. 

32. (New) A method as recited in claim 1, fiirther comprising the step of securing the object 
in the operating system, utilizing the steps of: 

determining one or more access constraints of the target object; 

identifying a protection domain that has a security profile that corresponds to the one or 
more access constraints of the target object; and 

placing the target object in the protection domain. 

33. (New) A method as recited in claim 32, further comprising the step of: 
creating the target object and a second object using the same methodology. 

34. (New) A method as recited in claim 33, wherein the target object and the second object 
can communicate transparently across two or more protection domains. 

35. (New) A method as recited in claim 32, wherein the protection domain is a process. 
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36. (New) A method as recited in claim 32, further comprising the step of: 

creating an object-to-object security model wherein security constraints for an object are 
contained within the object. 

37. (New) A method as recited in claim 32, wherein identifying a protection domain further 
comprises attempting to identify a protection domain that is local relative to the target object. 

38. (New) A method as recited in claim 32, further comprising the step of: 
creating a process based on security requirements of the operating system. 

39. (New) A method as recited in claim 38, further comprising the step of: 
clustering objects in the process based on security policies of the objects. 

40. (New) A system as recited in claim 21, further comprising a system for securing the 
object in the operating program, the system comprising: 

means for determining one or more access constraints of the target object; 
means for identifying a protection domain that has a security profile that corresponds to 
the one or more access constraints of the target object; and 

means for placing the target object in the protection domain. 
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